SB2022080307 - Multiple vulnerabilities in Western Digital Sweet B
Published: August 3, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Incorrect calculation (CVE-ID: CVE-2022-23001)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an incorrect choice of sign bit when compressing or decompressing elliptic curve points. A remote attacker can cause a denial of service condition on the target system.
2) Improper Check or Handling of Exceptional Conditions (CVE-ID: CVE-2022-23002)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the resulting output is not properly reduced modulo the P-256 field prime and is invalid when compressing or decompressing a point on the NIST P-256 elliptic curve with an X coordinate of zero. A remote attacker can perform a denial of service (DoS) attack.
3) Improper Check or Handling of Exceptional Conditions (CVE-ID: CVE-2022-23003)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the resulting output is not properly reduced modulo the P-256 field prime and is invalid when computing a shared secret or point multiplication on the NIST P-256 curve that results in an X coordinate of zero. A remote attacker can perform a denial of service (DoS) attack.
4) Improper Check or Handling of Exceptional Conditions (CVE-ID: CVE-2022-23004)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists when computing a shared secret or point multiplication on the NIST P-256 curve using a public key with an X coordinate of zero, an error is returned from the library, and an invalid unreduced value is written to the output buffer. A remote attacker can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.